Ok then this definitely did not work. I will try to get back to you on
Monday with a test case. Oh and I'm using WildFly 8.0.2 which I believe
uses CXF version 2.7.13?

On Friday, April 3, 2015, Colm O hEigeartaigh <[email protected]> wrote:

> > Unfortunately I'm out of the office at the moment so I cannot provide a
> > test case. Do you mean I still need the SignedElements part?
> >
>
>
> No. Change "SupportingTokens" to "SignedSupportingTokens" in your original
> policy, no SignedElements is required here.
>
> Colm.
>
>
> >
> > On Friday, April 3, 2015, Colm O hEigeartaigh <[email protected]> wrote:
> >
> > >
> > > >> I tried this before and the Username was still not signed. Only when I
> > > >> used SignedEncryptedSupportingTokens the username is getting signed (and
> > > >> not encrypted by the way, which is what I want at the moment). Probably I
> > > >> am doing something wrong but this works for me now.
> > >>
> > >
> > > > Any chance of a test-case? Both scenarios should work fine. By the way,
> > > > the UsernameToken should be signed/encrypted, not just the "Username" part
> > > > of it. What version of CXF are you using?
> > >
> > > Colm.
> > >
> > >
> > >> Thanks for the feedback!
> > >>
> > >> Alex
> > >>
> > > >> On Fri, Apr 3, 2015 at 4:33 PM, Colm O hEigeartaigh <[email protected]> wrote:
> > >>
> > >>> Simply change "SupportingTokens" to "SignedSupportingTokens".
> > >>>
> > >>> Colm.
> > >>>
> > > >>> On Thu, Apr 2, 2015 at 12:49 PM, Alx <[email protected]> wrote:
> > >>>
> > > >>> > I have a requirement from my client for the signature to contain the
> > > >>> > UsernameToken element. According to the rest of his requirements the
> > > >>> > security policy I am using is the following:
> > >>> >
> > > >>> > <wsp:Policy wsu:Id="SecurityServiceSignThenEncryptPolicy">
> > > >>> >   <wsp:ExactlyOne>
> > > >>> >     <wsp:All>
> > > >>> >       <wsaws:UsingAddressing xmlns:wsaws="http://www.w3.org/2006/05/addressing/wsdl" />
> > > >>> >       <sp:SupportingTokens xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
> > > >>> >         <wsp:Policy>
> > > >>> >           <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
> > > >>> >             <wsp:Policy>
> > > >>> >               <sp:NoPassword />
> > > >>> >             </wsp:Policy>
> > > >>> >           </sp:UsernameToken>
> > > >>> >         </wsp:Policy>
> > > >>> >       </sp:SupportingTokens>
> > > >>> >       <sp:AsymmetricBinding xmlns:sp="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702">
> > > >>> >         <wsp:Policy>
> > > >>> >           <sp:InitiatorToken>
> > > >>> >             <wsp:Policy>
> > > >>> >               <sp:UsernameToken sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
> > > >>> >                 <wsp:Policy>
> > > >>> >                   <sp:NoPassword />
> > > >>> >                 </wsp:Policy>
> > > >>> >               </sp:UsernameToken>
> > > >>> >             </wsp:Policy>
> > > >>> >           </sp:InitiatorToken>
> > > >>> >           <sp:RecipientSignatureToken>
> > > >>> >             <wsp:Policy>
> > > >>> >               <sp:X509Token sp:IncludeToken="http://docs.oasis-open.org/ws-sx/ws-securitypolicy/200702/IncludeToken/Never">
> > > >>> >                 <wsp:Policy>
> > > >>> >                   <sp:WssX509V3Token10 />
> > > >>> >                 </wsp:Policy>
> > > >>> >               </sp:X509Token>
> > > >>> >             </wsp:Policy>
> > > >>> >           </sp:RecipientSignatureToken>
> > > >>> >           <sp:AlgorithmSuite>
> > > >>> >             <wsp:Policy>
> > > >>> >               <sp:Basic256Sha256 />
> > > >>> >             </wsp:Policy>
> > > >>> >           </sp:AlgorithmSuite>
> > > >>> >           <sp:Layout>
> > > >>> >             <wsp:Policy>
> > > >>> >               <sp:Lax />
> > > >>> >             </wsp:Policy>
> > > >>> >           </sp:Layout>
> > > >>> >           <sp:IncludeTimestamp />
> > > >>> >         </wsp:Policy>
> > > >>> >       </sp:AsymmetricBinding>
> > > >>> >       <sp:SignedParts>
> > > >>> >         <sp:Body />
> > > >>> >         <sp:Header Namespace="http://www.w3.org/2005/08/addressing" />
> > > >>> >       </sp:SignedParts>
> > > >>> >
> > > >>> >     </wsp:All>
> > > >>> >   </wsp:ExactlyOne>
> > > >>> > </wsp:Policy>
> > >>> >
> > >>> >
> > > >>> > The above works correctly for me. The only thing that I could not sign is
> > > >>> > the UsernameToken. I tried using:
> > >>> >
> > > >>> > <sp:SignedElements>
> > > >>> >   <sp:XPath xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"
> > > >>> >             xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd"
> > > >>> >             xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
> > > >>> >     /soap:Envelope/soap:Header/wsse:Security/wsse:UsernameToken/wsse:Username
> > > >>> >   </sp:XPath>
> > > >>> > </sp:SignedElements>
> > >>> >
> > >>> > which did not seem to work.
> > >>> >
> > > >>> > Trying to debug, I see that the SignedElementsBuilder class is accessed but
> > > >>> > I am not sure where to debug next, or where the signing should occur.
> > >>> >
> > >>> > Any help will be appreciated.
> > >>> >
> > >>> > Alex
> > >>> >
> > >>>
> > >>>
> > >>>
> > >>> --
> > >>> Colm O hEigeartaigh
> > >>>
> > >>> Talend Community Coder
> > >>> http://coders.talend.com
> > >>>
> > >>
> > >>
> > >
> > >
> > > --
> > > Colm O hEigeartaigh
> > >
> > > Talend Community Coder
> > > http://coders.talend.com
> > >
> >
>
>
>
> --
> Colm O hEigeartaigh
>
> Talend Community Coder
> http://coders.talend.com
>
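
One way to confirm on a captured request whether the UsernameToken is actually covered by the signature, and whether the whole token or only a child such as `wsse:Username` is referenced. This is an added example, not code from this thread or from CXF. It assumes a SOAP 1.1 envelope and `wsu:Id`-based references; the function names and the sample message are constructed, and it checks reference coverage only, not signature validity.

```python
import xml.etree.ElementTree as ET

# Namespaces: SOAP 1.1 envelope (assumed), WSS 1.0 secext/utility, XML Signature.
NS = {
    "soap": "http://schemas.xmlsoap.org/soap/envelope/",
    "wsse": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd",
    "wsu": "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
WSU_ID = "{%s}Id" % NS["wsu"]


def username_token_coverage(envelope_xml):
    """Return 'no-token', 'unsigned', 'child-only' or 'token-signed'."""
    # Parse only trusted captures this way; use a hardened parser for untrusted XML.
    root = ET.fromstring(envelope_xml)
    token = root.find("soap:Header/wsse:Security/wsse:UsernameToken", NS)
    if token is None:
        return "no-token"
    # Same-document references ("#id") listed under ds:SignedInfo.
    refs = root.findall(
        "soap:Header/wsse:Security/ds:Signature/ds:SignedInfo/ds:Reference", NS)
    signed_ids = {r.get("URI", "")[1:] for r in refs if r.get("URI", "").startswith("#")}
    signed_ids.discard("")
    if token.get(WSU_ID) in signed_ids:
        return "token-signed"
    # A reference to a descendant such as wsse:Username leaves the rest of the token unsigned.
    if any(el.get(WSU_ID) in signed_ids for el in token.iter() if el is not token):
        return "child-only"
    return "unsigned"


def sample_envelope(ref_id):
    """Constructed message; digests and signature value omitted, only structure matters."""
    xmlns = " ".join('xmlns:%s="%s"' % kv for kv in NS.items())
    return (
        "<soap:Envelope %s><soap:Header><wsse:Security>"
        '<wsse:UsernameToken wsu:Id="UsernameToken-1">'
        '<wsse:Username wsu:Id="Username-1">alice</wsse:Username></wsse:UsernameToken>'
        "<ds:Signature><ds:SignedInfo>"
        '<ds:Reference URI="#Body-1"/><ds:Reference URI="#%s"/>'
        "</ds:SignedInfo></ds:Signature></wsse:Security></soap:Header>"
        '<soap:Body wsu:Id="Body-1"/></soap:Envelope>'
    ) % (xmlns, ref_id)


if __name__ == "__main__":
    for ref in ("UsernameToken-1", "Username-1", "Timestamp-1"):
        print(ref, "->", username_token_coverage(sample_envelope(ref)))
```
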
